Disable mlock for vault

2024-01-10 23:23:53 +01:00 · 2024-01-10 23:23:53 +01:00 · edcde96ded
parent 9a5faed3d9
commit edcde96ded
4 changed files with 6 additions and 4 deletions
--- a/example/acme-to-vault.nomad.hcl
+++ b/example/acme-to-vault.nomad.hcl
@ -45,7 +45,7 @@ job "acme-to-vault" {
      user   = 8787

      config {
-        image           = "danielberteaud/acme-to-vault:24.1-1"
+        image           = "danielberteaud/acme-to-vault:24.1-2"
        readonly_rootfs = true
        pids_limit      = 20

--- a/example/images/acme-to-vault/Dockerfile
+++ b/example/images/acme-to-vault/Dockerfile
@ -24,7 +24,8 @@ ENV ACME_HTTP_PORT=8787 \
    ACME_0_CA=https://acme-staging-v02.api.letsencrypt.org/directory \
    ACME_0_KV_CERT_ROOT=kv/service/traefik/certs \
    ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
-    VAULT_ADDR=https://vault.service.example.org:8200
+    VAULT_ADDR=https://vault.service.example.org:8200 \
+    VAULT_DISABLE_MLOCK=true

 COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
 RUN set -eu &&\
--- a/images/acme-to-vault/Dockerfile
+++ b/images/acme-to-vault/Dockerfile
@ -24,7 +24,8 @@ ENV ACME_HTTP_PORT=8787 \
    ACME_0_CA=https://acme-staging-v02.api.letsencrypt.org/directory \
    ACME_0_KV_CERT_ROOT=kv/service/traefik/certs \
    ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
-    VAULT_ADDR=https://vault.service.example.org:8200
+    VAULT_ADDR=https://vault.service.example.org:8200 \
+    VAULT_DISABLE_MLOCK=true

 COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
 RUN set -eu &&\
--- a/variables.yml
+++ b/variables.yml
@ -5,7 +5,7 @@ instance: acme-to-vault

 acme:
  # The Docker image to use
-  image: '[[ .docker.repo ]]acme-to-vault:24.1-1'
+  image: '[[ .docker.repo ]]acme-to-vault:24.1-2'

  # If a cron expression is defined, the service will stay running and renew certs.
  # If an empty string, the container will exit after running once